After Verizon breach, 1.5 million customer records put up for sale

After a data breach at Verizon Enterprise Solutions, a customer database and information about Verizon security flaws were reportedly put up for sale by criminals this week.

According to KrebsOnSecurity, "a prominent member of a closely guarded underground cybercrime forum posted a new thread advertising the sale of a database containing the contact information on some 1.5 million customers of Verizon Enterprise."

The entire database was priced at $100,000, or $10,000 for each set of 100,000 customer records. "Buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site," security journalist Brian Krebs reported. Verizon Enterprise is itself a seller of security products and services, often helping Fortune 500 businesses clean up after data breaches. Verizon Enterprise also sells Internet service to large businesses, along with a variety of other networking products.

Verizon has already identified and fixed the flaw in its enterprise client portal that allowed hackers to gain access to the database, the company told Krebs. "Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers," Verizon was quoted as saying. "No customer proprietary network information (CPNI) or other data was accessed or accessible."

We've asked Verizon for further information and will provide an update if we get one. The contact information stolen from Verizon could be used in phishing scams and other attacks, Krebs wrote. "Even if it is limited to the contact data for technical managers at companies that use Verizon Enterprise Solutions, this is bound to be target-rich list," he wrote. 97 percent of Fortune 500 companies are customers of Verizon Enterprise. The carrier has reportedly considered selling off the business but was unable to find a buyer.